BuyLog In
Breaking Change T927658
Visible to All Users

Security - Certain exceptions for prohibited rules are changed to user-friendly exceptions

What Changed

We have changed the behavior of XPObjectSpace created by SecuredObjectSpaceProvider and the behavior of SecuredEFCoreObjectSpace created by SecuredEFCoreObjectSpaceProvider. Now, IObjectSpace.CommitChanges will throw the following exceptions on attempts to perform actions prohibited by security rules:

  • XPObjectSpace - UserFriendlyObjectLayerSecurityException.
  • SecuredEFCoreObjectSpace - UserFriendlyEFCoreSecurityException.

UserFriendlyObjectLayerSecurityException is an ObjectLayerSecurityException descendant and UserFriendlyEFCoreSecurityException is inherited from the Exception. Both exception types implement the IUserFriendlyException interface that is processed by XAF UI - a user-friendly error dialog is displayed instead of a fatal error.

Reasons for Change

These changes are required to correctly handle errors related to XAF's UI Actions prohibited by Action permissions.

Impact on Existing Apps

If your application has the code that checks for the exact exception type to handle exceptions raised when the IObjectSpace.CommitChanges method is called, your condition won't be met. Examples:

C#
using DevExpress.Xpo.Exceptions;
//...
try {
    // do something
    objectSpace.CommitChanges();
}
catch(Exception e){
    if(e.GetType() == typeof(ObjectLayerSecurityException)) { 
        // do something
    }
}
Visual Basic
Imports DevExpress.Xpo.Exceptions
'...
Try
    ' do something
    objectSpace.CommitChanges()
Catch e As Exception
    If e.GetType() = GetType(ObjectLayerSecurityException) Then
        ' do something
    End If
End Try

How to Update Existing Apps

Re-write your existing code as shown below:

C#
try {
    // do something
    objectSpace.CommitChanges();
}
catch(ObjectLayerSecurityException e) {
    // do something
}
Visual Basic
Try
    ' do something
    objectSpace.CommitChanges()
Catch e As ObjectLayerSecurityException
    ' do something
End Try

Disclaimer: The information provided on DevExpress.com and affiliated web properties (including the DevExpress Support Center) is provided "as is" without warranty of any kind. Developer Express Inc disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.

Confidential Information: Developer Express Inc does not wish to receive, will not act to procure, nor will it solicit, confidential or proprietary materials and information from you through the DevExpress Support Center or its web properties. Any and all materials or information divulged during chats, email communications, online discussions, Support Center tickets, or made available to Developer Express Inc in any manner will be deemed NOT to be confidential by Developer Express Inc. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.